what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

CVE-2011-4347

Status Candidate

Overview

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.

Related Files

Red Hat Security Advisory 2012-1042-01
Posted Jun 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1042-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2011-4347, CVE-2012-0038, CVE-2012-0044, CVE-2012-1097, CVE-2012-1179
SHA-256 | 40cee47ca38fd36212e40e2fc4e2a93d9ca6eec1d81c1a7cbc0f4200899d8b20
Ubuntu Security Notice USN-1440-1
Posted May 9, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1440-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-2100, CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-2100
SHA-256 | a0bc278da385b31cfe46ccd1ea6aa31d7dd04bed4a06bb0e7207f3a236fdd376
Ubuntu Security Notice USN-1433-1
Posted May 1, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1433-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179, CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179
SHA-256 | d91c996ccff95c6d7dd3c3aa09f0a4d61c622e96df26b9dd2000e3472ca4feec
Ubuntu Security Notice USN-1431-1
Posted May 1, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1431-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179, CVE-2011-4086, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-1179
SHA-256 | 1f6883f19f9a2b1057e35bd8aa804fda23a4a1a09b6012236c8db13c99741688
Ubuntu Security Notice USN-1425-1
Posted Apr 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1425-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097
SHA-256 | a4ebb7a7d3610540b7ba067052a88fae2ed7b25106dd60474cf0e6ff6f66a43e
Ubuntu Security Notice USN-1426-1
Posted Apr 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1426-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097
SHA-256 | b20a8fb0dbc0f6baf45551dad251eb25da8310f6bbb52386c56274a4a333a333
Ubuntu Security Notice USN-1422-1
Posted Apr 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1422-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146, CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146
SHA-256 | bf943afabe2b178efa14db2ffd2c372b54a5c09d7ebd314672fb98ad08653599
Ubuntu Security Notice USN-1421-1
Posted Apr 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1421-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146, CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146
SHA-256 | 8f5ffc23204a00c78465f73eb061c75c15675500d33d72427c6adbb209274eef
Debian Security Advisory 2443-1
Posted Mar 28, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2443-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2009-4307, CVE-2011-1833, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097
SHA-256 | d50bf6dbe234272263b4d756659d95d7bab63dffdef93404c1f40535771db5b3
Ubuntu Security Notice USN-1409-1
Posted Mar 28, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1409-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-3347, CVE-2011-4347, CVE-2011-3347, CVE-2011-4347
SHA-256 | 44da8fa5faaffba0654941eea0156b631ec7b6b0252ac9c3aadef25ef4617435
Ubuntu Security Notice USN-1406-1
Posted Mar 28, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1406-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan B=C3=A4rwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146, CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146
SHA-256 | daec70c79148be4f16814b730209fb95008de030d988a2c710ae8fd2ecd47c4a
Ubuntu Security Notice USN-1407-1
Posted Mar 28, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1407-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan B=C3=A4rwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146, CVE-2011-4347, CVE-2012-0045, CVE-2012-1097, CVE-2012-1146
SHA-256 | 855ba7a3106fee31b467fdbdd5e12d64132663a4fd40edb37894503c1311c4b8
Ubuntu Security Notice USN-1405-1
Posted Mar 28, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1405-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-3347, CVE-2011-4127, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2011-3347, CVE-2011-4127, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146
SHA-256 | a1810aa0224d5610b94f222d0d0a5584fecdd12de16b48ca1b2e4fb4599134d2
Ubuntu Security Notice USN-1389-1
Posted Mar 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1389-1 - Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-4127, CVE-2011-4347, CVE-2011-4622, CVE-2012-0038, CVE-2012-0879, CVE-2011-4127, CVE-2011-4347, CVE-2011-4622, CVE-2012-0038, CVE-2012-0879
SHA-256 | 7d7009f9984a3c1066f9fbdae728ca6f232f4e960984205099433cf15e0c787b
Red Hat Security Advisory 2012-0350-01
Posted Mar 6, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0350-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4347, CVE-2011-4594, CVE-2011-4611, CVE-2011-4622, CVE-2012-0038, CVE-2012-0045, CVE-2012-0207
SHA-256 | d8a60be00abc472adc04c925566012a45e0ea8c2dd26a7a38e5dd76f2aabd4c9
Red Hat Security Advisory 2012-0149-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0149-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-4347
SHA-256 | 52ddce2218c312d1c3ecce3bfbf426ea56da1c30ba13b0970d775b410ad1bd6c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close